Safe Research and Investigations

  • This text originally appeared as an article distributed through the security-news bulletin

No matter what type of action you are planning, there is a good chance you don't want a corporate or government official to identify you as the person doing the research. On more than one occasion, research records have been used to track people back to specific events, largely because the individuals were not aware of how their digital and physical trails led to them. Over the past few years, with the digitization of all forms of data, this danger has increased - not only because so much research is being conducted online, but because library and other database-driven request records are now linked and easily accessible by law enforcement.

The following tips are important to keep in mind if you have a vested interest in keeping your connection to some research or a later action private.

The key thing is not to leave a document trail (digital or physical), and the following tips are designed not to give an exhaustive run-through, but to highlight some of the issues you should be thinking about when conducting secure research.

  1. Who bought those books and materials? Don't use your credit or debit cards to make purchases related to your research. These can be used later by law enforcement to construct patterns of reading and also timing between research and actions.

  2. Watch those library records. During the Gulf War (1991) Canadian law enforcement pressured libraries to turn over records of what Canadians of Arabic background were reading. We're pretty sure that in these heightened days of "national security" these practices continue. Read the book in the library and make sure you are not on CCTV while you are doing it.

  3. Securely surf the internet. If you must conduct your research from home (which is up to your discretion), make sure you are doing it securely. ALWAYS use a proxy when doing web research, make sure your history files and caches are purged, and wipe your hard drive regularly. If you go out to an Internet Cafe or other location to do research, don't use places that ask for ID or sport CCTV cameras, and make sure the screens are well-shielded from prying eyes. Please check out other parts of this site.

  4. FOI/ATIP (and other government) requests. These are traceable because they require your full legal name and address. It is possible to do these using a false name and PO box, though it can depend from agency to agency (some require ID to pick up data from them). If you are able to do this using a PO box, make sure that box is not linked to you.

  5. Telephone when possible, written requests provide clues. Phoning from a *payphone* is better than writing a letter requesting information. Letters provide a document trail and tools for later analysis, telephone calls do not always - it is still unusual for phone calls to most government agencies and corporations to be automatically recorded. Make sure your timeline is appropriate if placing information-related phone calls.

  6. Physical Research. Need to do recon on a building or location? That's a whole other how-to (that we'll be doing in the future). Suffice to say that you want to do this with utmost caution, practice active counter-surveillance and steer as clear as possible from cameras. Appearance altering is obviously a good course of action in these instances.

  7. Secure Storage. Don't leave your collected data lying around where anyone can read it. A locked filing cabinet in your home is *not* secure storage (you know how easy it is to pick those?). You may opt for off-site storage if the data is particularly sensitive - which is a judgement call. Electronic data should be stored securely on a Palm Pilot or laptop if possible (something that rarely leaves your personal possession), and encrypted using PGPdisk or other disk encryption tools. Never leave data on an unencrypted hard drive or within a network if you don't want anyone to access it.

  8. Timeline. It's a good idea to leave some time between the research and the action itself. This counts especially if you have been on the phone or doing reconnaissance on physical locations, and someone could remember you. Again, it's your call, but distance of a few months can assist in helping people forget that they talked to or saw you.

  9. Destroy Destroy Destroy. Normally when conducting research the principle is to document every little thing - but in the case of secure research you want to follow a principle of destroying any data or research linked to an action. Secure destruction includes burning paper documents in a safe area, wiping hard drives clean, and purging any cached information. In addition, destroying floppy disks, CDs, or other portable media used to carry information is extremely important. Don't just write over them - destroy them as completely as possible and throw the pieces out separately so that disks and data can't be reconstructed.

    As always the degree to which you take security should be proportional to the value and sensitivity of the data you are collecting. Doing research for a public demonstration usually requires a different security level than doing research with the intention of carrying out more covert activities. If you have any tips on secure research to share, please email secure@resist.ca so they can be included in further updates and on our websites.


    More resources:

    Research for Radicals - this is a Canadian guide that shows how to comprehensively and safely conduct research on the activities of private industry and the government. PDF format only at the moment.

    Researching a U.S. Target - http://www.hackcanada.com/ice3/misc/ustarget.html The contents of this text document are a starting point for anyone who wishes to research a US target; however, much of the information may be relevant to Canadian citizens.









maintained by securitysite at tao dot ca
Comments and additions always welcome, our feedback form.